package com.lhq.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("order")
public class OrderController {

    //@RequiresRoles(value={"admin","user"})//用来判断角色  同时具有 admin user
   // @RequiresPermissions("user:update:01") //用来判断权限字符串
    @RequestMapping("/save")
   //@RequiresPermissions("order/save")//方法级别的权限控制通过权限注解实现
   // @RequiresRoles("admin")
    public String save(){
        //获取主体对象

        try {
            Subject subject = SecurityUtils.getSubject();
            if (subject.hasRole("admin")){
                System.out.println("保存订单!");
                return "保存订单!";}
       else {
            System.out.println("无权访问!");
            return "无权访问!";
        } }finally {return "redirect:/order.jsp";
        }

//        System.out.println("无权访问!");
//                return "无权访问!";

        //finally{ return "redirect:/order.jsp";}
        //System.out.println("进入方法");

    }

}
